On Tue, Nov 15, 2016 at 04:21:17AM -0500, Ron Wheeler wrote: > Fail2ban might be able to do the whack-a-mole in a sensible manner that > allowed for innocent interruptions but banned the bad guys
For the kind of attempts I typically see, F2B won't do much. It's usually not a brute force type of attach. Generally it's only a single connection that either attempts to fingerprint the server (checking for known vulns) or just tries a few "easy" passwords (e.g. root/root, pi/raspberry). I would suggest simple connection rate limiting and enforcing strong passwords as a better (in my opinion) option. --Sean
